Are You NIST Compliant?
You Need To Make Sure You’re Up To Date With The New DFARS Interim Final Rule
Did you know that the Department of Defense (DoD) issued its interim final rule, which went into effect on November 30, 2020?
Whether you were aware or not, if you plan to continue operating in the federal contracting sector, you’ve got work to do.
NIST Compliance In 2020 And Beyond
With NIST 800-171, it’s the contractor’s responsibility to safeguard all data and information related to any work performed for the DoD, including:
- Controlled technical information (CTI)
- Information that would be described as controlled unclassified information (CUI)
- Covered defense information (CDI)
If you’re not compliant, you’re technically no longer qualified to contract with the DoD – no matter which contracts you have in place or the professional relationships you’ve built over the years.
However, in light of the Interim Final Rule, DoD contractors and subcontractors will be required to submit scored self-assessments against current NIST 800-171 requirements under the new rule, which also creates a bridge to CMMC.
Specifically, this new rule adds three new DFARS clauses:
- DFARS 252.204-7019: This clause sets a requirement for an assessment of NIST 800-171 in new contracts from Nov. 30, 2020 onward. Building off the DCMA program, it will act as the bridge to CMMC over the coming years.
- DFARS 252-204-7020: This clause lays out two requirements:
- Contractors are to provide access to “facilities, systems, and personnel” in support of assessments.
- “Subcontractors have results of a current assessment in SPRS prior to contract award.”
- DFARS 252-204-7021: This clause requires CMMC to be included in all contracts moving forward from the deadline. The details of CMMC compliance are in line with previous versions released by the DoD.
Get Expert Assistance Reviewing Your NIST 800-171 Compliance
Our team is available to help you analyze your current compliance and improve it to meet the new standards set by NIST. Doing so will make your business more secure, effective, and competitive in the market.
Becoming NIST compliant with our expert assistance is easy:
- Contact our team and book your Readiness Assessment at a time that fits your schedule
- Our team will assess your environment and IT tools to determine your current state and challenges
- Our team will lay out the necessary steps for your company to meet NIST 800-171 (and future CMMC requirements)